Johnchd

**Name of the Vulnerable Software and Affected Versions** WebERP version 4.15.2 **Description** An error-based SQL Injection (SQLi) vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the `DEL` form field in a POST request to "/StockCounts.php". This enables the extraction of confidential information. **Recommendations** For WebERP version 4.15.2, consider disabling the `/StockCounts.php` endpoint or restricting access to the `DEL` form field until a patch is available. As a temporary workaround, avoid using the `DEL` form field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebERP version 4.15.2 **Description** A SQL Injection issue allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the `ReportID` and `ReplaceReportID` parameters within a POST request to "/reportwriter/admin/ReportCreator.php". **Recommendations** For WebERP version 4.15.2, as a temporary workaround, consider disabling the "/reportwriter/admin/ReportCreator.php" endpoint until a patch is available. Restrict access to the `ReportID` and `ReplaceReportID` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Openmrs version 2.4.3 Build 0ff0ed Description: A reflected cross-site scripting (XSS) issue exists in the /legacyui/quickReportServlet component, allowing attackers to execute arbitrary JavaScript in the context of a user's browser. This is achieved by injecting a crafted payload into the `reportType` parameter. Recommendations: For Openmrs version 2.4.3 Build 0ff0ed, as a temporary workaround, consider restricting access to the /legacyui/quickReportServlet component until a patch is available. Avoid using the `reportType` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.